Date: Wed, 17 Jun 2015 06:43:00 -0700
From: Tristan Cacqueray <>
To: Salvatore Bonaccorso <>,
Subject: Re: [OSSA 2015-011] Cinder host file disclosure through
 qcow2 backing file (CVE-2015-1851)

Hi Salvatore,

On 06/16/2015 09:33 PM, Salvatore Bonaccorso wrote:
> Could you clarify if this CVE assignment is correct?

OSSA 2015-011 assigned the wrong CVE and it should have included
CVE-2015-1851 instead. An ERRATA will be issued soon.

> I noticed that Red Hat Bugzilla has
> (CVE-2015-1850)
> for the nova issue and similarly
> (CVE-2015-1851)
> for the cinder issue. Is this correct?

This is correct. Note that while a CVE has been assigned for the Nova
part, the bug has still not been reproduced there, and while there is no
patch, Nova has been left out of this OSSA.

> Regards and thanks in advance,
> Salvatore

Thanks for bringing that up!
Tristan Cacqueray
OpenStack Vulnerability Management Team
